[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= ========================================================================== = <=-[ HWA.hax0r.news ]-=> = ========================================================================== [=HWA'99=] Number 31 Volume 1 1999 Sept 5th 99 ========================================================================== [ 61:20:6B:69:64:20:63:6F:75: ] [ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ] [ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ] ========================================================================== Well http://welcome.to/HWA.hax0r.news/ is still down and out of reach, I have an email in to the admins of the V3 redirector site to see if I can't get access back to my redirector but i'm not hopeful. Meanwhile you can get us at www.csoft.net/~hwa =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= A Comment on FORMATTING: I received an email recently about the formatting of this newsletter, suggesting that it be formatted to 75 columns in the past I've endevoured to format all text to 80 cols except for articles and site statements and urls which are posted verbatim, I've decided to continue with this method unless more people complain, the zine is best viewed in 1024x768 mode with UEDIT.... - Ed =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= New mirror sites http://www.sysbreakers.com/hwa http://www.attrition.org/hosted/hwa/ http://www.ducktank.net/hwa/issues.html. http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/ http://hwazine.cjb.net/ http://www.hackunlimited.com/files/secu/papers/hwa/ http://www.attrition.org/~modify/texts/zines/HWA/ * http://hwa.hax0r.news.8m.com/ * http://www.fortunecity.com/skyscraper/feature/103/ * Crappy free sites but they offer 20M & I need the space... HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth and airportman for the Cubesoft bandwidth. Also shouts out to all our mirror sites! tnx guys. http://www.csoft.net/~hwa http://www.digitalgeeks.com/hwa HWA.hax0r.news Mirror Sites: ~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.attrition.org/hosted/hwa/ http://www.attrition.org/~modify/texts/zines/HWA/ http://www.ducktank.net/hwa/issues.html. ** NEW ** http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT ** http://www.csoft.net/~hwa/ http://www.digitalgeeks.com/hwa. *DOWN* http://members.tripod.com/~hwa_2k http://welcome.to/HWA.hax0r.news/ http://www.attrition.org/~modify/texts/zines/HWA/ http://archives.projectgamma.com/zines/hwa/. http://www.403-security.org/Htmls/hwa.hax0r.news.htm =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= SYNOPSIS (READ THIS) -------------------- The purpose of this newsletter is to 'digest' current events of interest that affect the online underground and netizens in general. This includes coverage of general security issues, hacks, exploits, underground news and anything else I think is worthy of a look see. (remember i'm doing this for me, not you, the fact some people happen to get a kick/use out of it is of secondary importance). This list is NOT meant as a replacement for, nor to compete with, the likes of publications such as CuD or PHRACK or with news sites such as AntiOnline, the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN nor could any other 'digest' of this type do so. It *is* intended however, to compliment such material and provide a reference to those who follow the culture by keeping tabs on as many sources as possible and providing links to further info, its a labour of love and will be continued for as long as I feel like it, i'm not motivated by dollars or the illusion of fame, did you ever notice how the most famous/infamous hackers are the ones that get caught? there's a lot to be said for remaining just outside the circle... @HWA =-----------------------------------------------------------------------= Welcome to HWA.hax0r.news ... #31 =-----------------------------------------------------------------------= We could use some more people joining the channel, its usually pretty quiet, we don't bite (usually) so if you're hanging out on irc stop by and idle a while and say hi... ******************************************************************* *** /join #HWA.hax0r.news on EFnet the key is `zwen' *** *** *** *** please join to discuss or impart news on techno/phac scene *** *** stuff or just to hang out ... someone is usually around 24/7*** *** *** *** Note that the channel isn't there to entertain you its for *** *** you to talk to us and impart news, if you're looking for fun*** *** then do NOT join our channel try #weirdwigs or something... *** *** we're not #chatzone or #hack *** *** *** ******************************************************************* =-------------------------------------------------------------------------= Issue #31 =--------------------------------------------------------------------------= [ INDEX ] =--------------------------------------------------------------------------= Key Intros =--------------------------------------------------------------------------= 00.0 .. COPYRIGHTS ...................................................... 00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC ....................... 00.2 .. SOURCES ......................................................... 00.3 .. THIS IS WHO WE ARE .............................................. 00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?.......................... 00.5 .. THE HWA_FAQ V1.0 ................................................ =--------------------------------------------------------------------------= Key Content =--------------------------------------------------------------------------= 01.0 .. GREETS .......................................................... 01.1 .. Last minute stuff, rumours, newsbytes ........................... 01.2 .. Mailbag ......................................................... 02.0 .. From the Editor.................................................. 03.0 .. "Hacking" Hotmail ............................................... 04.0 .. IRC warfare in the 90's.......................................... 05.0 .. The Frontpage exploit............................................ 06.0 .. Simple SMTP spoofing (yes it still works on most systems)........ 07.0 .. So you wanna be a hacker?........................................ 08.0 .. DoD Still at Serious Risk ....................................... 09.0 .. Clinton Urged to Reverse Crypto Policy .......................... 10.0 .. L0pht Releases Version 1.0 of AntiSniff ......................... 11.0 .. HOPE 2000 Date Announced ........................................ 12.0 .. IBM and MS Receive Bomb Threats via Email ....................... 13.0 .. BackDoor-G Hits Web Hosting Company.............................. 14.0 .. HNN Adds New Search Engine....................................... 15.0 .. 40 Million Hotmail accounts vulnerable........................... 16.0 .. The MindPhaser Arrest Details ................................... 17.0 .. Defcon VIII Dates Announced ..................................... 18.0 .. Sex, Photographs and InfoCriminals .............................. 19.0 .. Toadie Virus Spreads via mIRC DCC................................ 20.0 .. Lawyer Jennifer Granick ......................................... 21.0 .. Hired Guns Who Wear White Hat ................................... 22.0 .. Hackers Unite Claim Responsibility .............................. 23.0 .. HotMail Hole Eight Weeks Old? ................................... 24.0 .. Microsoft Apologizes for Hotmail fiasco.......................... 25.0 .. What is the Crime? Hotmail Hole or the CoverUp? ................. 26.0 .. Canadian Government Website Defaced ............................. 27.0 .. Australian Users Forced to Pay for Censorship ................... 28.0 .. FBI Not Giving Up, Still Wants to Read Your Mail ................ 29.0 .. OpenBSD - For a Secure And Open Society ......................... 30.0 .. Are Malicious Coders A Y2K Problem? ............................. 31.0 .. Air Force Considers Spam Cyber Attack ........................... 32.0 .. Hackers threat to ministers' website ............................ 33.0 .. HACKER SENTENCED TO 18 MONTHS.................................... 34.0 .. "MOST SOFTWARE SOLD ONLINE IS PIRATED"........................... 35.0 .. "THURSDAY" VIRUS SIGHTINGS....................................... 36.0 .. Legions of the Underground calls it quits (LoU).................. 37.0 .. Anonymous email servers.......................................... 38.0 .. ETEXT: How to hack, a guide for 'Newbies' by PlowskĄ Phreak...... 39.0 .. GOVERNMENT SITES ATTACKED........................................ 40.0 .. CyberArmy Lists: Proxies, Wingates, Accounts etc................. 41.0 .. ETEXT: Phreaking: Build a diverter that works on SS7 systems..... 42.0 .. The NSA is in your computer!..................................... 43.0 .. Analyzer Pleads Innocent ........................................ 44.0 .. 'Thursday' Hits Banks in UK ..................................... 45.0 .. Presidential Hopefuls Don't Care About Privacy .................. 46.0 .. Prisoners to Fix Computers For Schools .......................... 47.0 .. The Other Side of the HotMail Hole .............................. 48.0 .. Chinese Man Sentenced to 18 Months for Computer Intrusion ....... 49.0 .. New Y2K Problem - 9999 More on the "nines problem"............... 50.0 .. More HNN Features in My HNN,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 51.0 .. PARGAIN WEB HOAX CREATOR SENTENCED............................... 52.0 .. 403-security.org changes servers................................. 53.0 .. GERMAN ENCRYPTION PRODUCTS FREELY EXPORTABLE..................... 54.0 .. AN OVERLOAD OF COMPUTER CRIME.................................... 55.0 .. MORE ON HOTMAIL.................................................. 56.0 .. LINUS TORVALDS................................................... 57.0 .. The mystery of MAX (Part 1)...................................... =--------------------------------------------------------------------------= AD.S .. Post your site ads or etc here, if you can offer something in return thats tres cool, if not we'll consider ur ad anyways so send it in. ads for other zines are ok too btw just mention us in yours, please remember to include links and an email contact. Corporate ads will be considered also and if your company wishes to donate to or participate in the upcoming Canc0n99 event send in your suggestions and ads now...n.b date and time may be pushed back join mailing list for up to date information....................................... Current dates: POSTPONED til further notice, place: TBA.. ................. Ha.Ha .. Humour and puzzles ............................................ Hey You!........................................................ =------=........................................................ Send in humour for this section! I need a laugh and its hard to find good stuff... ;)........................................... SITE.1 .. Featured site, ................................................. H.W .. Hacked Websites ............................................... A.0 .. APPENDICES...................................................... A.1 .. PHACVW linx and references...................................... =--------------------------------------------------------------------------= @HWA'99 00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ). Important semi-legalese and license to redistribute: YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS: I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND REDISTRIBUTE/MIRROR. - EoD Although this file and all future issues are now copyright, some of the content holds its own copyright and these are printed and respected. News is news so i'll print any and all news but will quote sources when the source is known, if its good enough for CNN its good enough for me. And i'm doing it for free on my own time so pfffft. :) No monies are made or sought through the distribution of this material. If you have a problem or concern email me and we'll discuss it. cruciphux@dok.org Cruciphux [C*:.] 00.1 CONTACT INFORMATION AND MAIL DROP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada / North America (hell even if you are inside ..) and wish to send printed matter like newspaper clippings a subscription to your cool foreign hacking zine or photos, small non-explosive packages or sensitive information etc etc well, now you can. (w00t) please no more inflatable sheep or plastic dog droppings, or fake vomit thanks. Send all goodies to: HWA NEWS P.O BOX 44118 370 MAIN ST. NORTH BRAMPTON, ONTARIO CANADA L6V 4H5 WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are ~~~~~~~ reading this from some interesting places, make my day and get a mention in the zine, send in a postcard, I realize that some places it is cost prohibitive but if you have the time and money be a cool dude / gal and send a poor guy a postcard preferably one that has some scenery from your place of residence for my collection, I collect stamps too so you kill two birds with one stone by being cool and mailing in a postcard, return address not necessary, just a "hey guys being cool in Bahrain, take it easy" will do ... ;-) thanx. Ideas for interesting 'stuff' to send in apart from news: - Photo copies of old system manual front pages (optionally signed by you) ;-) - Photos of yourself, your mom, sister, dog and or cat in a NON compromising position plz I don't want pr0n. - Picture postcards - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes with hack/security related archives, logs, irc logs etc on em. - audio or video cassettes of yourself/others etc of interesting phone fun or social engineering examples or transcripts thereof. Stuff you can email: - Prank phone calls in .ram or .mp* format - Fone tones and security announcements from PBX's etc - fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities) - reserved for one smiley face -> :-) <- - PHACV lists of files that you have or phac cd's you own (we have a burner, *g*) - burns of phac cds (email first to make sure we don't already have em) - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp* If you still can't think of anything you're probably not that interesting a person after all so don't worry about it Our current email: Submissions/zine gossip.....: hwa@press.usmc.net Private email to editor.....: cruciphux@dok.org Distribution/Website........: sas72@usa.net @HWA 00.2 Sources *** ~~~~~~~~~~~ Sources can be some, all, or none of the following (by no means complete nor listed in any degree of importance) Unless otherwise noted, like msgs from lists or news from other sites, articles and information is compiled and or sourced by Cruciphux no copyright claimed. News & I/O zine ................. http://www.antionline.com/ Back Orifice/cDc..................http://www.cultdeadcow.com/ News site (HNN) .....,............http://www.hackernews.com/ Help Net Security.................http://net-security.org/ News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/ NewsTrolls .(daily news ).........http://www.newstrolls.com/ News + Exploit archive ...........http://www.rootshell.com/beta/news.html CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest News site+........................http://www.zdnet.com/ News site+Security................http://www.gammaforce.org/ News site+Security................http://www.projectgamma.com/ News site+Security................http://securityhole.8m.com/ News site+Security related site...http://www.403-security.org/ *DOWN* News/Humour site+ ................http://www.innerpulse.com News/Techie news site.............http://www.slashdot.org +Various mailing lists and some newsgroups, such as ... +other sites available on the HNN affiliates page, please see http://www.hackernews.com/affiliates.html as they seem to be popping up rather frequently ... http://www.the-project.org/ .. IRC list/admin archives http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk alt.hackers.malicious alt.hackers alt.2600 BUGTRAQ ISN security mailing list ntbugtraq <+others> NEWS Agencies, News search engines etc: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.cnn.com/SEARCH/ http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0 http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack http://www.ottawacitizen.com/business/ http://search.yahoo.com.sg/search/news_sg?p=hack http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack http://www.zdnet.com/zdtv/cybercrime/ http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column) NOTE: See appendices for details on other links. http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm http://freespeech.org/eua/ Electronic Underground Affiliation http://ech0.cjb.net ech0 Security http://axon.jccc.net/hir/ Hackers Information Report http://net-security.org Net Security http://www.403-security.org Daily news and security related site Submissions/Hints/Tips/Etc ~~~~~~~~~~~~~~~~~~~~~~~~~~ All submissions that are `published' are printed with the credits you provide, if no response is received by a week or two it is assumed that you don't care wether the article/email is to be used in an issue or not and may be used at my discretion. Looking for: Good news sites that are not already listed here OR on the HNN affiliates page at http://www.hackernews.com/affiliates.html Magazines (complete or just the articles) of breaking sekurity or hacker activity in your region, this includes telephone phraud and any other technological use, abuse hole or cool thingy. ;-) cut em out and send it to the drop box. - Ed Mailing List Subscription Info (Far from complete) Feb 1999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~ ISS Security mailing list faq : http://www.iss.net/iss/maillist.html THE MOST READ: BUGTRAQ - Subscription info ~~~~~~~~~~~~~~~~~~~~~~~~~~~ What is Bugtraq? Bugtraq is a full-disclosure UNIX security mailing list, (see the info file) started by Scott Chasin . To subscribe to bugtraq, send mail to listserv@netspace.org containing the message body subscribe bugtraq. I've been archiving this list on the web since late 1993. It is searchable with glimpse and archived on-the-fly with hypermail. Searchable Hypermail Index; http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html Link About the Bugtraq mailing list ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following comes from Bugtraq's info file: This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them. This list is not intended to be about cracking systems or exploiting their vulnerabilities. It is about defining, recognizing, and preventing use of security holes and risks. Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list`s charter. I will allow certain informational posts regarding updates to security tools, documents, etc. But I will not tolerate any unnecessary or nonessential "noise" on this list. Please follow the below guidelines on what kind of information should be posted to the Bugtraq list: + Information on Unix related security holes/backdoors (past and present) + Exploit programs, scripts or detailed processes about the above + Patches, workarounds, fixes + Announcements, advisories or warnings + Ideas, future plans or current works dealing with Unix security + Information material regarding vendor contacts and procedures + Individual experiences in dealing with above vendors or security organizations + Incident advisories or informational reporting Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq reflector address if the response does not meet the above criteria. Remember: YOYOW. You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of those words without your permission in any medium outside the distribution of this list may be challenged by you, the author. For questions or comments, please mail me: chasin@crimelab.com (Scott Chasin) Crypto-Gram ~~~~~~~~~~~ CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on cryptography and computer security. To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com.  To unsubscribe, visit http://www.counterpane.com/unsubform.html.  Back issues are available on http://www.counterpane.com. CRYPTO-GRAM is written by Bruce Schneier.  Schneier is president of Counterpane Systems, the author of "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms.  He served on the board of the International Association for Cryptologic Research, EPIC, and VTW.  He is a frequent writer and lecturer on cryptography. CUD Computer Underground Digest ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This info directly from their latest ish: Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09                             ISSN  1004-042X        Editor: Jim Thomas (cudigest@sun.soci.niu.edu)        News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)        Archivist: Brendan Kehoe        Poof Reader:   Etaion Shrdlu, Jr.        Shadow-Archivists: Dan Carosone / Paul Southworth                           Ralph Sims / Jyrki Kuoppala                           Ian Dickinson        Cu Digest Homepage: http://www.soci.niu.edu/~cudigest [ISN] Security list ~~~~~~~~~~~~~~~~~~~ This is a low volume list with lots of informative articles, if I had my way i'd reproduce them ALL here, well almost all .... ;-) - Ed Subscribe: mail majordomo@repsec.com with "subscribe isn". @HWA 00.3 THIS IS WHO WE ARE ~~~~~~~~~~~~~~~~~~ Some HWA members and Legacy staff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cruciphux@dok.org.........: currently active/editorial darkshadez@ThePentagon.com: currently active/man in black fprophet@dok.org..........: currently active/IRC+ man in black sas72@usa.net ............. currently active/IRC+ distribution vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black dicentra...(email withheld): IRC+ grrl in black eentity ...( '' '' ): Currently active/IRC+ man in black Foreign Correspondants/affiliate members ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Qubik ............................: United Kingdom D----Y ...........................: USA/world media HWA members ......................: World Media Past Foreign Correspondants (currently inactive or presumed dead) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ N0Portz ..........................: Australia system error .....................: Indonesia Wile (wile coyote) ...............: Japan/the East Ruffneck ........................: Netherlands/Holland Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed Spikeman's site is down as of this writing, if it comes back online it will be posted here. http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian) ******************************************************************* *** /join #HWA.hax0r.news on EFnet the key is `zwen' *** ******************************************************************* :-p 1. We do NOT work for the government in any shape or form.Unless you count paying taxes ... in which case we work for the gov't in a BIG WAY. :-/ 2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news events its a good idea to check out issue #1 at least and possibly also the Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ... @HWA 00.4 Whats in a name? why HWA.hax0r.news?? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Well what does HWA stand for? never mind if you ever find out I may have to get those hax0rs from 'Hackers' or the Pretorians after you. In case you couldn't figure it out hax0r is "new skewl" and although it is laughed at, shunned, or even pidgeon holed with those 'dumb leet (l33t?) dewds' this is the state of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you up and comers, i'd highly recommend you get that book. Its almost like buying a clue. Anyway..on with the show .. - Editorial staff @HWA 00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Also released in issue #3. (revised) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers: Some of the stuff related to personal useage and use in this zine are listed below: Some are very useful, others attempt to deny the any possible attempts at eschewing obfuscation by obsucuring their actual definitions. @HWA - see EoA ;-) != - Mathematical notation "is not equal to" or "does not equal" ASC(247) "wavey equals" sign means "almost equal" to. If written an =/= (equals sign with a slash thru it) also means !=, =< is Equal to or less than and => is equal to or greater than (etc, this aint fucking grade school, cripes, don't believe I just typed all that..) AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21) AOL - A great deal of people that got ripped off for net access by a huge clueless isp with sekurity that you can drive buses through, we're not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the least they could try leasing one?? *CC - 1 - Credit Card (as in phraud) 2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's CCC - Chaos Computer Club (Germany) *CON - Conference, a place hackers crackers and hax0rs among others go to swap ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk watch videos and seminars, get drunk, listen to speakers, and last but not least, get drunk. *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker speak he's the guy that breaks into systems and is often (but by no means always) a "script kiddie" see pheer 2 . An edible biscuit usually crappy tasting without a nice dip, I like jalapeno pepper dip or chives sour cream and onion, yum - Ed Ebonics - speaking like a rastafarian or hip dude of colour also wigger Vanilla Ice is a wigger, The Beastie Boys and rappers speak using ebonics, speaking in a dark tongue ... being ereet, see pheer EoC - End of Commentary EoA - End of Article or more commonly @HWA EoF - End of file EoD - End of diatribe (AOL'ers: look it up) FUD - Coined by Unknown and made famous by HNN - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;) du0d - a small furry animal that scurries over keyboards causing people to type weird crap on irc, hence when someone says something stupid or off topic 'du0d wtf are you talkin about' may be used. *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to define, I think it is best defined as pop culture's view on The Hacker ala movies such as well erhm "Hackers" and The Net etc... usually used by "real" hackers or crackers in a derogatory or slang humorous way, like 'hax0r me some coffee?' or can you hax0r some bread on the way to the table please?' 2 - A tool for cutting sheet metal. HHN - Maybe a bit confusing with HNN but we did spring to life around the same time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper noun means the hackernews site proper. k? k. ;& HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d MFI/MOI- Missing on/from IRC NFC - Depends on context: No Further Comment or No Fucking Comment NFR - Network Flight Recorder (Do a websearch) see 0wn3d NFW - No fuckin'way *0WN3D - You are cracked and owned by an elite entity see pheer *OFCS - Oh for christ's sakes PHACV - And variations of same Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare Alternates: H - hacking, hacktivist C - Cracking C - Cracking V - Virus W - Warfare A - Anarchy (explosives etc, Jolly Roger's Cookbook etc) P - Phreaking, "telephone hacking" PHone fREAKs ... CT - Cyber Terrorism *PHEER - This is what you do when an ereet or elite person is in your presence see 0wn3d *RTFM - Read the fucking manual - not always applicable since some manuals are pure shit but if the answer you seek is indeed in the manual then you should have RTFM you dumb ass. TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0 TBA - To Be Arranged/To Be Announced also 2ba TFS - Tough fucking shit. *w00t - 1 - Reserved for the uber ereet, noone can say this without severe repercussions from the underground masses. also "w00ten" 2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers) *wtf - what the fuck, where the fuck, when the fuck etc .. *ZEN - The state you reach when you *think* you know everything (but really don't) usually shortly after reaching the ZEN like state something will break that you just 'fixed' or tweaked. @HWA -=- :. .: -=- 01.0 Greets!?!?! yeah greets! w0w huh. - Ed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, whats good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway. * all the people who sent in cool emails and support FProphet Pyra TwstdPair _NeM_ D----Y Dicentra vexxation sAs72 Spikeman p0lix Ken Williams/tattooman of PacketStorm, hang in there Ken...:( & Kevin Mitnick (Happy Birthday) kewl sites: + http://www.securityportal.com/ NEW + http://www.securityfocus.com/ NEW + http://www.hackcanada.com/ + http://www.l0pht.com/ + http://www.2600.com/ + http://www.freekevin.com/ + http://www.genocide2600.com/ + http://www.packetstorm.harvard.edu/ ******* DOWN (THANKS JP) ****** + http://www.hackernews.com/ (Went online same time we started issue 1!) + http://www.net-security.org/ + http://www.slashdot.org/ + http://www.freshmeat.net/ + http://www.403-security.org/ + http://ech0.cjb.net/ @HWA 01.1 Last minute stuff, rumours and newsbytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "What is popular isn't always right, and what is right isn't always popular..." - FProphet '99 +++ When was the last time you backed up your important data? ++ http://www.securify.com/packetstorm/ is the URL for the new Packet Storm Security Site, but where is it? it was supposed to debut in September,well its September now and still no sign of it...we'll keep watching that spot until it makes an appearance and hope it is nearly as good as the old site. Thanks to myself for providing the info from my wired news feed and others from whatever sources, also to Spikeman for sending in past entries.... - Ed @HWA 01.2 MAILBAG - email and posts from the message board worthy of a read ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (No mail worthy of posting here this issue,) Yeah we have a message board, feel free to use it, remember there are no stupid questions... well there are but if you ask something really dumb we'll just laugh at ya, lets give the message board a bit more use eh? i'll be using a real message board when the hwa-iwa.org domain comes back online (soon) meanwhile the beseen board is still up... Since theres nothing to print here, here's the Mentor's last words direct from Phrack7 file 003 complete and unabridged... send in your mail/questions etc! - Ed ==Phrack Inc.== Volume One, Issue 7, Phile #3 of 10 The following was written shortly after my arrest. I am currently groupless, having resigned from the Racketeers, so ignore the signoff... The Conscience of a Hacker... by The Mentor... 1/8/86 Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike. But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world... Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me... Damn underachiever. They're all alike. I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me... Or thinks I'm a smart ass... Or doesn't like teaching and shouldn't be here... Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike... You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us will- ing pupils, but those few are like drops of water in the desert. This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this indiv- idual, but you can't stop us all... after all, we're all alike. +++The Mentor+++ Racketeers ============================================================================== 02.0 From the editor. ~~~~~~~~~~~~~~~~ #include #include #include main() { printf ("Read commented source!\n\n"); /* This issue includes an article by Dragos Ruiu that is well worth the read * it is entitled "Stealth Coordinated Attack HOWTO" as mentioned in the header * and outlines various attack methods employed by todays hacker used to scope * out and penetrate your systems. The article can be found in section 42.0 * * As always we welcome your stories, articles and poetry, please send them with any * information about yourself you see fit or would like included to the address below... * * Please, send your submissions to: hwa@press.usmc.net thank you. * * Cruciphux */ printf ("EoF.\n"); } Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org danke. C*:. 03.0 "Hacking" Hotmail ~~~~~~~~~~~~~~~~~ Hotmail Accounts Still Exposed by Declan McCullagh and by James Glave 8:05 a.m. 30.Aug.99.PDT No sooner was one catastrophic security flaw closed Monday -- one that exposed millions of Hotmail accounts to prying eyes -- when another one appeared. The net result: As of 2 p.m. PDT, Hotmail account holders remain in jeopardy of having their email messages read, as well as being impersonated in email. Also: Want Security? Forget Web Mail Did MS Dig Its Hotmail Hole? The first breach was closed Monday at around 9 a.m. PDT, when Hotmail restored access to legitimate subscribers. The second breach is a variation of the first, and may be the result of one Hotmail machine that evidently was not fixed when the others were. The significance of these security holes is that private Hotmail accounts became available to anyone with a Web browser. Most security vulnerabilities on the Internet require in-depth knowledge of Unix or Windows NT language, technical knowledge that the average Web user does not possess. The bug appears to have affected every customer of what Microsoft says is "the world's largest provider of free Web-based email." Between 8:30 and 9 am PDT, Microsoft pulled the plug on large portions of the entire Hotmail site, rendering it unreachable for millions of subscribers. During that period, the only access to Hotmail accounts could be made through illicit means -- by those who had access to a simple code that was spread wildly on the Net over the weekend. That was about 12 hours after the company was notified of the security hole. But users already logged in to their accounts -- or someone else's -- could continue to send, receive, and delete email. Around 9:30, sections of Hotmail began to slowly come back online. By that time, people without Hotmail accounts could connect to the site's homepage. Users with accounts configured to remember their password, however, received this unhelpful message: "ERROR: Cannot open UserData file." As of 10:15 a.m., Microsoft engineers, led by Mike Nichols in Redmond, Washington, had managed to fix that problem, too, and users could log in normally again. Yet there still was no reference to the problem anywhere on either the Hotmail or MSN sites. A Microsoft spokeswoman could not offer any explanation for the problem. She said that the company took down the Hotmail servers as soon as the company was notified of the problem by the European press Monday morning. She said Monday morning that the company had resolved the issue so that future attacks of this type would not be possible. That has not proven the case. The exploit worked this way: Any Web page that contained a short, simple code -- visible on most browsers as a type-in form -- was able connect to a Hotmail server simply by typing in a user name without requiring a password. By early Monday, copies of that HTML code were posted on hacking-related Web sites. The Hotmail exploit apparently took advantage of a bug in the start script that processed a login session between a Web browser and a server. One site where the problem surfaced was at 2038.com, which Network Solutions shows registered to Moving Pictures, a group based in Sweden. Erik Barkel, the contact associated with that domain, could not be reached for comment. As of about 8:30 a.m. that site redirected to a Web page promoting a marketing company. The managers of that company said they had nothing to do with the redirect. "It's just a point[er] put there by a person who's trying make a joke," said Anders Herlin, business development manager at Abel and Baker. "We haven't had the slightest idea why." "All I know is we do not want to be associated with it," said Herlin. "We are a fairly new company. Maybe someone wanted to cause us harm." But the code quickly spread to dozens, if not hundreds of sites. A Swedish newspaper, Expressen , reported the bug in its Monday editions. The bug let anyone log into a Hotmail account without typing a password. "We know nothing about [the individual who tipped us]. It was anonymous," said Christian Carrwik, one of two Expressen reporters who broke the news. "It has been circulating for a couple of days." Expressen said Microsoft was alerted very early Sunday morning. This is only the most recent Microsoft security gaffe. Redmond admitted earlier this month that its MSN Messenger instant messaging client can accidentally disclose Hotmail account passwords. Even if the password is supposedly deleted from a computer, someone else could still view it if they knew the proper keystrokes. Last week, Wired News reported a bug in tens of millions of Microsoft Windows computers that lets an attacker take control of a PC by sending an email message. Lindsey Arent contributed to this report. There are several variations of this theme but the basics remain the same you send a message to an unattended mailbox responder with your password or you access a 'special' url that supposedly allows you into any account on Hotmail. The message version does NOT work and never to my knowledge did. The later is stupid and simple enough to be true but I highly doubt that it works either, unfortunately Hotmail is down at the moment so I can't try it on the system. "Secret Url" Method: ~~~~~~~~~~~~~~~~~~~~ http://207.82.250.251/cgi-bin/start?curmbox=ACTIVE&js=no&login=ENTERLOGINHERE&passwd=h This is obviously just a short cut to the login system which has since been changed, since you now get a Forbidden You don't have permission to access /cgi-bin/start on this server. On the hotmail system. "Secret Form" Method: ~~~~~~~~~~~~~~~~~~~ Hotmail Login
@hotmail.com

View source

[12:03] Looks like Hotmail shut it down finally This also provides the same error as above, so if it ever worked it doesn't now... The Hotmail Password Phisher ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This isn't a hack its a lameass way for someone to get YOUR hotmail password...there are several variations of this also here's one of them. STEP 1- · The first step in the process of hacking in to someone's hotmail account is quite easy. You simply log into your own e-mail account. ............................................................................................................................................................................................................................ STEP 2- · Once you have logged into your own account, compose an e-mail to henokabraham@hotmail.com. <- phish This is the secret mailing address to the Hotmail Staff!! The hotmail staff will (after recieving the information you will send them) will send you the password that you have 'forgotten' ............................................................................................................................................................................................................................ STEP 3- · Entitle the e-mail "retrieve pword" (CASE INTESIVE) and in the body of the e-mail write this exact code filling in your hotmail password and login, and the victim of hacking's login name The code is as follows: form_pwd: login=WRITE VICTIMS LOGIN HERE sendto=YOUR LOGIN+PASSWORD **Please note! Do NOT Enter the victims email-address, just the loginname** For example if I'd like to send my friends hotmail password (john_graham@hotmail.com) to my email(Henokabraham@hotmail.com) (let's say my password is "pw") I would write like this: form_pwd: login=john_graham sendto=henokabraham+pw ................................................................................................................................................................................................................................................................................... -STEP 4- All you have to do is wait for the hotmail staff to send you a mail containing the password! ................................................................................................................ This process is almost guaranteed to work. A friend of mine found out about this process by way of a family member who works for hotmail so it is quite reliable. There has only been 1 incident that it didn't work for us and that was because the victim had some sort of protection installed on all of their passwords. Why would Hotmail have a value called "sendto"? Here's the thing: The hotmail staff uses this way to get passwords from accounts! They doesn't have direct access to all the password in their database. The process of retieving a password takes far too long if they would scan the database "by hand". This method is used by many other email services as well when they what's to check up on their subscribers. Here's another active example: http://www.angelfire.com/mb/pass/ (formatted for easy reading) This one only has three steps ...and is an even lamer variation to the above... Hacking Hotmail E-Mail Passwords Just follow the easy steps below to receive a person's Hotmail password for there E-Mail. The only Hotmail hack that is easy and works 99% of the time!!! (This MUST be done in your Hotmail E-Mail Account) 1.Send an E-Mail to gate_pass@hotmail.com and list the login name of the person you want the password of. 2.Next include YOUR password because that is what the account supervisors do on Hotmail and they will recognize you as an account supervisor. (I know some X supervisors from HotMail) 3.Now wait 1-4 days for Hotmail to process your request.(may take longer) This site has been visited 29272 times. <- I wonder how many of these were lamers that tried the above? Another variation of the above; ============================================================================================ ============================================================================================ ---------------------------------->The Hotmail Hack<---------------------------------------- ============================================================================================ ============================================================================================ This file is all about Hotmail free internet based e-mail and how to gain access to any account you want. (Well...almost). Anyways, I am not responsible for anything you do with the information in this file and all the rest of the preeching to do with illegal stuff. You may redistribute this file AS IS, you may not change the file in any way without my written permission. This is the first file that I have written as a hacker and I did it for the group which I have just joined, "The United Underground" also known as "u2". Anyways...enuph of this boring junk and on with the fun stuff!!!!! ============== ==BACKGROUND== ============== First a little bit of explanation about hotmail for those of you who are constipated in the brain. Hotmail is, as I hope you know, a webased e-mail system. Which in turn means that it uses cgi- bin as a gateway to there local mashine where all the passwords are and e-mails are stored. Hotmail requires you to enter a login name on one page and a password on another, this is the first key to this hack. When in a Hotmail account there are many options you may choose such as reading mail deleting mail, changeing the interface and so on. The last option is the logout option, wich is the second key to this hack. For this hack you must know the user name of your victim..err...subject. This is always the name in front of the @ in their e-mail address, so that is easily obtained. You must also be using a browser which enables you to view the source code for the page you are currently viewing. That is really it...So what's the catch you say? Well yes...there is a catch, and I'm sure as I study the system more closely it will become obsolete. But for now, your subject MUST be stupid enough to either forget, or not bother to logout once they are done in the system. THAT IS THE KEY TO THIS HACK!!!!!! ========== ==HOW TO== ========== Now for the steps of the hack...... ////// step 1 ////// The first step is to get the username of the subject and go to www.hotmail.com and login with that user name. Make sure you have typed the username exactly right because hotmail will not tell you if you have typed it incorrectly, they also log the IP's of people entering incorrect login names. ////// step 2 ////// It is now time to view the source code of the password page that you are on now. It should say www.hotmail.com/cgi-bin/password.cgi in the URL box. Anyways, view the source for this page. Five lines down or so from the top of the source code page, it will say

That is a very important line....but before I tell you how to use that line, I'm going to side track for a little theory behind this hack. Because there's NO point in a hack, if you don't know how it works. That is the whole idea of hacking, to find out how systems work. So anyways, when you login to hotmail, the cgi-bin gateway marks you as being IN the system. If you don't logout, and you just leave the page, or turn off your computer, the Hotmail system doesn't know that you are gone from your account. So back to the real text. The action="URL" part of the line above is where the subjects account is located. So after the real owner of the account has loged in and given his/her password, they will go to a page that says...... http://somenumber/cgi-bin//start/username/anothernumber in the URL box...... ////// step 3 ////// Hmmmmm...funny thing, that's the same number that we obtained earlier in this text from the source code for the password page. So after you have that URL, you must type in into the URL box ONLY!!!! You can not click the open button, or use an open command for reasons that are way beond the grasp of this text. So after you've entered that URL, press enter, and watch as hotmail gives you complete access over the subjects Hotmail account. //////////////////////////////////////////////////////////////////////////////////////////////// /Now remember that this hack ONLY works if the owner of the account does NOT logout from his/ / /her account. Also, please have mercey for the poor idiot on the other end that owns the / /account, and do not delete any messages or any shit like that. Just be happy that you DID / /gain access to the account and then leave. I have set up a hotmail account with a few e-mails/ /going in and out of there every once in a while. The address is oxyenn@hotmail.com (yes, that/ /is an extra n on oxygen, don't forget it). Hack this account freely, I realy don't care, but / /please don't go using it to compose harassing or anonomous e-mail. That is lame, and if I do / /find anyone doing it, I will find your IP from the login sequence, and trac you down, or, if / /any legal action results in it, report your ip to the authorities. So please, it would be / /alot easier if you just co-operate. Thank you:) / //////////////////////////////////////////////////////////////////////////////////////////////// This file was made for newbies, and those who are always looking to learn. Not for all you expirienced hackers who know it all, unless you realy wanted to read it. So don't bother mailing u2 or me (if you somehow get my e-mail address) flamming us or shit like that. /////\\ |||||||| ////////// |||||||||| ///////\\\\\\\ //\\ || // \\ || // // || /\ // \\ || // \\ || || || /\ // \\ || // \\ || || || /\ // \\ || // // || || || /\ // \\ || // // || || //////// || /\ // \\ || // // || || // // || /\ //////////////\\ || // // || || // || /\ // \\ || // // || \\ // || /\ // \\ || // // |||||||| \\\\\\\// |||||||||| /\ // \\||\\\\\\\\\\\ -assassin- @HWA 04.0 IRC warfare in the 90's ~~~~~~~~~~~~~~~~~~~~~~~ This consists of various texts and in no way is complete. The second one is by St0rmer and is fairly new and up to date except that nuke no longer works and that many IRC servers on most of the major nets check for wingates on initialization.- Ed First of all its amazing how many people have been "on the internet" for years and still have no clue what IRC is and what it does, they are IRC virgins yet to have their cherries popped in the morasse of IRC... the first text is a short FAQ which does a pretty good job of explaining IRC. -=- (1) What is IRC? IRC stands for "Internet Relay Chat". It was written by Jarkko Oikarinen (jto@tolsun.oulu.fi) in 1988. Since starting in Finland, it has been used in some 20+ countries spanning the globe. It was designed as a replacement for the "talk" program but has become much much more than that. IRC is a multi-user chat system, where people convene on "channels" (a virtual place, usually with a topic of conversation) to talk in groups, or privately. IRC gained international fame during the late Persian Gulf War, where updates from around the world came accross the wire, and most people on irc gathered on a single channel to hear these reports. (2) How is IRC set up? The user runs a "client" program (usually called 'irc') which connects to the irc network via another program called a "server". Servers exist to pass messages from user to user over the irc network. (3) How do I use a client? You either compile the source yourself, have someone else on your machine compile the source for you, or use the TELNET client. "telnet bradenville.andrew.cmu.edu". Please only use the latter when you have no other way of reaching irc, as this resource is quite limited. (4) Where can I get source for the irc client? UNIX client-> cs.bu.edu /irc/clients plod.cbme.unsw.edu.au nic.funet.fi pub/unix/irc ftp.informatik.tu-muenchen.de pub/net/irc slopoke.mlb.semi.harris.com there is also a client avaliable with the server code. EMACS elisp-> cs.bu.edu /irc/clients/elisp nic.funet.fi ftp.informatik.tu-muenchen.de slopoke.mlb.semi.harris.com EMACS elisp "irchat"-> cs.bu.edu /irc/clients/elisp lehtori.cc.tut.fi:/pub/irchat nic.funet.fi:/pub/irchat VMS -> cs.bu.edu /irc/clients/vms coombs.anu.edu.au REXX client for VM-> cs.bu.edu /irc/clients/rxirc ftp.informatik.uni-oldenburg.de pub/irc/rxirc MSDOS-> cs.bu.edu /irc/clients/msdos freebie.engin.umich.edu:/pub/irc/clients/MSDOS Macintosh-> cs.bu.edu /irc/clients/macintosh sumex-aim.stanford.edu /info-mac/comm (5) Which server do I connect to? It's usually best to try and connect to one geographically close, even though that may not be the best. You can always ask when you get on irc. Here's a list of servers avaliable for connection: --> irc.chat.org --> irc.frontiernet.net csd.bu.edu ucsu.colorado.edu badger.ugcs.caltech.edu ug.cs.dal.ca nic.funet.fi vesuv.unisg.ch munagin.ee.mu.oz.au sunsystem2.informatik.tu-muenchen.de This is, by no means, a comprehensive list, but merely a start. Connect to the closest of these servers and join the channel #Twilight_Zone When you get there, immediately ask what you want. Don't say "I have a question" because then hardly anyone will talk. (6) OK, I've got a client and I'm connected to a server? Now what? It's probably best to take a look around and see what you want to do first. All irc commands start with a "/", and most are one word. Typing /help will get you help information. /names will get you a list of names, etc. The output is typically something like this-> (Note there are more channels than this, this is just sample output). Pub: #hack zorgo eiji Patrick fup htoaster Pub: #Nippon @jircc @miyu_d Pub: #nicole MountainD Pub: #hottub omar liron beer Deadog moh pfloyd Dode greywolf SAMANTHA "Pub" means public (or "visible") channel. "hack" is the channel name. "#" is the prefix (see number 7 below). A "@" before someone's nickname indicates he/she is the "Channel operator" of that channel. A Channel Operator is someone who has control over a specific channel. It can be shared or not as the first Channel Operator sees fit. The first person to join the channel automatically gets Channel Operator, and can share it with anyone he/she chooses (or not). (7) I hear this talk about "+" channels, but I don't see any. What were they? "+" channels were in older server versions. They no longer exist, and probably will stay dead in later code revisions. (8) What are good channels to try while using irc? #hottub and #initgame are almost always teeming with people. #hottub is meant to simulate a hot tub, and #initgame is non-stop game of "inits" (initials). Just join and find out! Many irc operators are in #Twilight_Zone ... so if you join that channel and don't hear much talking, don't worry, it's not because you joined, operators don't talk much on that channel anyways! (9) How can I find out more about how + and # channels are changing? ftp to cs.bu.edu and look at irc/irc-2.7.CHANGES (10) What if someone tells me to type something cryptic? Never type anything anyone tells you to without knowing what it is. There is a problem with typing a certain command with the ircII client that gives anyone immediate control of your client (and thus can alter your account environment also). (11) What is NickServ? What if I can't remember my NickServ password? To quote from NickServ's help text, NickServ's purpose is to keep unique nicknames on irc. NickServ sends a warning to anyone else who signs on with your nickname. If you don't use IRC for 10 weeks, your nickname expires for reuse. Only a NickServ operator can change your nickserv password. To find out which NickServ operators are online, send /msg NickServ@service.de OPERWHO Nicknames with a "*" next to them are online at the time. (12) What is IPCLUB? GIF-Archives of IRC-persons? IPCLUB stands for IRC Picture Club. It is an E-Mail service provided by tommi@phoenix.oulu.fi for all the users of the Internet. For more help, mail tommi@phoenix.oulu.fi with the subject of "IPCLUB/HELP". (13) Where can I learn more? A good place to start might be downloading the irc tutorials. They're avaliable via anonymous ftp from cs.bu.edu in /irc/support/tutorial.* .. You can also join various IRC related mailing lists. "operlist" is a list that discusses current (and past) server code, routing, and protocol. You can join by mailing operlist-request@eff.org. You can join the irchat mailing list by mailing irchat-request@cc.tut.fi. There is a low traffic ircII mailing list, mail dl2p+@andrew.cmu.edu to be added. Another mailing list, ircd-three@eff.org, exists to discuss protocol revisions for the 3.0 release of the ircd, currently in planning. Mail ircd-three-request@eff.org to be added to that. (13) What do I do if I'm still confused or have additions to this posting? email hrose@eff.org or ask for help (in *#Twilight_Zone) on irc. * this is where many opers hangout...try www.irchelp.org as well - Ed -=- --==[ How to get ops and takeover a channel on IRC ]==-- _-_-_-_-_-_-_-_-_-_ \\ by St0rmer // _-_-_-_-_-_-_-_-_-_-_ E-mail: st0rmer@hotmail.com 8 . 6 . 98 ---------- I've been spending a lot of time online lately reading all kinds of stupid text files on how to "Takeover Ops Boi!!!", "LeEt WaYs To gEt OpS!!!", "HOW TO GET OPS ON SERVER SPLITS", etc. We all know none of these things work, at least not for me. They're either written by morons, or they were written like 10 years ago and don't work anymore. The method I'm presenting here DOES work, but it takes practice, patience, and careful reading. Tools needed: ------------ An IRC script that can do mass deops quickly and easily (preferibly one that lets you press an F# (function) key to do mass deops, or one that automatically mass deops once you gain ops). You don't want to have to start going through popup menus since you have to do this quickly. An IRC script that can do mass CTCP versioning. I'll explain later. A wingate scanner. These aren't too hard to find. Check http://web.aurecvideo.fr/pixel/progs (this link worked as of 8/6/98). A few 'war' programs to exploit irc clients, nuke, flood, etc. When I say flood, I don't mean like a ping flood in mIRC, I mean like a real ICMP flooder. Try to find Final Fortune, it's a program I made myself... very effective. A lot of patience. A brain. Process: ------- Find a channel you want to takeover. This method will NOT work on Dalnet or any other networks with anything like ChanServ. Also, this won't work if all of the ops in the channel are bots (unless they're VERY badly programmed). OK, so once you're in the channel, do a Version CTCP on all of the ops in there. Look for exploitable scripts (some versions of ircN, mIRC 5.3x, mIRC 5.4, etc.). Now, let's say you find someone with nick 'DumbOP' and he's using a script that you know you can exploit and disconnect him from IRC (but don't crash him yet!). /dns DumbOP to find his IP. Now take your handy wingate scanner. Plug in his IP and search for a similar one with the scanner. If you can't find one in the same Class C range, try Class B if you have to, but make sure it resolves to something close to DumbOP's IP. Good, so now you have a wingate IP similar to DumbOP's. If you couldn't find an IP close to his, try this with another op with an exploitable script. Do a /whois DumbOP to find the IRC server he's on and his ident (the thing before the @ip). So now that you have the wingate IP, what do you do with it? I'll assume you never wingated before, and I'll explain how to do it with mIRC. For the example, let's say the wingate IP is 1.2.3.4, DumbOP's ident is 'opident', and DumbOP's irc server is 'irc.server.net'. Open a new instance of mIRC, and in the status window, do the following: /server 1.2.3.4 23 You'll see it say "WinGate>NICK (some nick)" Right after you see this, type: /quote irc.server.net 6667 You'll probably then see something like "Connecting to host USER...Host name lookup for USER failedirc.server.net 6667 Connecting to host irc.server.net...connected" You might see more than this, you might see less. The important thing to watch for is: " -1.2.3.4- *** Looking up your hostname... -1.2.3.4- *** Checking Ident -1.2.3.4- *** Found your hostname -1.2.3.4- *** Got Ident response " Once you see that, type: /quote user opident opident opident opident /quote nick DumbOP1 You don't have to use 'DumbOP1', just use any temporary nick you want. Also, you can use '/raw' instead of '/quote' if you wish. If you did everything correctly, you'll see the MOTD for the irc server, and you'll be connected. If by chance 1.2.3.4 is k-lined from irc.server.net, you'll have to go through the whole process again with a different server. This makes your "spoofing" (it's not REALLY spoofing) attempt less realistic looking, but if you have to use a different server, then do it. Once you're online, everything works like normal. Do a /whois DumbOP1 to see your info. It should be close to DumbOP's. You're halfway there! The next thing to do (not necessary, but recommended) is to try to find out some info on DumbOP. I recommend trying "nbtstat -A " at the dos prompt, that might provide you with a name or two if you're lucky. This is just some useful information that might come in handy. Also, try searching ICQ for his nick and check his info, you might find good stuff in there. The next step is to disconnect DumbOP from IRC. Either use an exploit, or nuke him (Click is sometimes useful (if you don't know what Click is, it's a program made by Rhad to have an IRC server 'nuke' a person... it sometimes works)), or ICMP flood him. Do anything you have to to disconnect him. By the way, you should have your original IRC session still open, with your wingated IRC session running as a different instance of mIRC (you should have 2 'versions' of mIRC running at the same time now, one with your original nick, info, etc., and the other with the DumbOP1 stuff). While you're attacking DumbOP, monitor the channel with your original session of mIRC and wait for DumbOP to disconnect. Immediately after you see that, rename DumbOP1 to DumbOP (/nick DumbOP) and join the channel! Don't say anything! If you're lucky, a stupid op will op you. Then mass deop. If nothing happens for about 5 or 6 minutes, mass message the ops, saying something like "what happened? why am I not opped?". You might get into a conversation. Remember to keep calm, and talk like an op. Don't freak out and demand for them to op you. The "useful information" might come in handy now. Often the ops will tell you to get ops from the bots. Just say something like you're desynched from the bots because of your ping timeout. If your impersonation is good enough, 9/10 times they'll op you. Like I said before, IMMEDIATELY do a mass deop. If possible, bring AT LEAST two bots (real bots, not just simple clones) into the channel to hold it and protect it. If you followed all these steps thoroughly, you should be able to takeover most channels as long as there are at least 2 human ops (1 of which you'll be 'spoofing', the other you'll be messaging to op you). Good luck and have fun! If you have any questions/comments/whatever, e-mail St0rmer at st0rmer@hotmail.com and/or message me on Efnet (nick St0rmer). @HWA 05.0 The Frontpage exploit ~~~~~~~~~~~~~~~~~~~~~ From http://web.raex.com/~novak/texts.html First of all, Frontpage is braindammaged (just have to set the stage). Ok, Frontpage works like this when you want to publish files: It tries to GET "http://www.yourdomain.com/_vti_inf.html". This file contains the version of the FP extensions and the path on the server where the extensions are located. When you use Frontpage to upload content, it will try and fetch this file, if it can, it then tries to POST to "http://www.yourdomain.com/_vti_bin/shtml.exe/_vti_rpc" (that's the default). This server binary is not password protected, so it is able to post a query to it. The first thing it does is just establish a protocol rev in which the client and server are going to talk, and what functions the server provides. If you have any people using Frontpage, it's likely that they FTPed the _vti_inf.html from their home machine up to your site. Then they tried to publish, and it tried HTTP first. If HTTP fails, it just kicks over to FTP as the publishing protocol (and notifies the user that they can't use WebBots and stuff). Incidentally, I have a passion to hate the FP extensions. They are fundamentally stupid in nearly all respects of implementation. Firsly, they maintain a crapload of meta files (one shadow for every file managed) then they have all of their config info in a bunch of text files in the _vti_pvt directory. (Oh, BTW, there exists a very HUGE privacy hole in the FP extenstions). If you go to a site that has FP extensions, just pick any directory in the URL, yank the filename off, and put "_vti_cnf" there instead...you'll get a complete listing of all the files in the real directory. With this you can snatch files that weren't meant to be seen by the public...and it's available on ALL FP enabled sites. Hmm, I've contributed a "privacy bug" now. :) Want to know an even cooler hack? Want to break into Frontpage enabled sites? Just snarf the "administrators.pwd" and "authors.pwd" file in: "http://www.yourdomain.com/_vti_pvt/administrators.pwd" That'll net you the password file for the web. Just convert it properly and run Crack on it to obtain a useful password for defacing web sites! Want even more??? Frontpage 98 fucks up the permissions so bad that it makes the _vti_pvt directory WORLD WRITABLE!!! No shit, you can do whatever you want to stuff in that directory. Hmm, I love incompetent nitwits that think they can buy someone elses crappy Unix shit and sell it as their own!!! :) Enjoy, Hackerz Elite (I did not write this) @HWA 06.0 Simple SMTP spoofing (yes it still works on most systems) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mail Spoofing Explained NOTE: this was written with newbies in mind, thats why it's so simple and through. If you're more advanced, bear with it :) Ok, here is the most through, and explained mail spoofing article ever writen. First of all, let's define mail spoofing. Have you ever wanted to mail somebody annonymously? Have you ever wanted to send mail from adresses such as nasa.com, fbi.org, or just about anything else? Of course you have! All we need is a telnet client. This method uses a very simple thing called smtp, which stands for Simple Mail Transfer Protocol. Wait, don't run away yet, it may sound complicated but it really isn't. Here are the steps you have to take: * telnet to port 25 of any web server * type: mail from: spoofed@adress.com * type: rcpt to: recipient@of.the.letter.org * type: data * type: your message here * type: . Does this seam unclear to you? Well, I thought of that, below are step by step instructions for windows95: If you're runing win 95: * click on start, and chose run * type: telnet in the dialog box * press enter-a telnet client pops up * click on "terminal" menu * chose preferences * make sure that "Enable local echo" is checked * click on the "connect" menu * click on "remote system"-a dialog box pops up * enter any adress in the dialog box (example: www.omnics.co.jp) * see where it says "port" delete the stuff inside, and type number 25 * click connect Ok, now we're connected to the host, see the little greeting message? good. Now issue the following command just like you see them: Replace the xxx@xxx.xxx.xxx with anything you want, my personal favorite is president@whitehouse.org be creative ;) * mail from: xxx@xxx.xxx.xxx * rcpt to: place the adress where you wanna send the mail to here * data * type your message here * . * (yes, that is a period by itself ;) Boom, you're done, the mail has been sent :) Wanna hear a funny thing? This isn't even illegal :) Here's a more info on this, which is intented for a bit more advanced users, newbies are welcome to read this too, it explains how this works. You see, port 25 is the mail port. When you telnet to the mail port, you get to talk to the mail daemon. Mail daemons, speak smpt. Interested in learning more about smpt? After connecting to the host, just type "help" and you'll get some commands to play around with. @HWA 07.0 So you wanna be a hacker? ~~~~~~~~~~~~~~~~~~~~~~~~~ From http://web.raex.com/~novak/texts.html So you've decided to become a unix hacker but you don't know how to start? Before you really begin make yourself the following absolutly clear: 1.Hacking is much work. It's not a playground for kids who just want to have 15 nice minutes. You must learn how to operater and program a system. You must research how they react and read sourcecode. It's a long and hard way - so be warned. 2.Hacking is illegal. At least in most countries - only the netherlands and argentine come to my mind which hasn't got laws against hacking - so far! But be sure they will come. Even just to log on a system with an account which is not yours is a crime and can be punished. Once a judge spoke you guilty commiting a crime, it is put into your record. Your whole life might be ruined because there are only few companies who accept computer criminals as their employer. 3.Hacking is time consuming. You can't just do hacking half a year, then making a pause of 3+ month and then getting back to it. The time runs fast in the internet. New unix releases, new bugs and new fixes. Once you are outdated with your exploit data you must beg your chummers to give you the new stuff, and if you do that too often they won't be happy about that. 50+ % of the hacking time you spend are actual information gathering. Speak to other hackers, read mailing lists and newsgroups, watch good www and ftp sites. But what is the motivation to actual do unix hacking? Thats up to you. You want to become one, so think about it why you want to become one. Forget movies like "The Net" or "Hackers" - that's NOT reality! Forget dreams about being the hero, hacking the pentagon and becoming the sexiest man, getting every girl and ending with a cool payed job in the security company ;-) This is NOT what will happen - so make yourself clear why you want to do it and what you expect. Can you imagine your mom crying when the police come to arrest you? Keep these warnings in mind. This is to make sure that you know what you are doing and want to become. Note too that I wrote this fast guide only because I was asked that often from many guys, even successful phreakers/blueboxers, "how can I hack unix ?" - and time after time I got tired. So here it is. Don't blame me for incompleteness and mistakes - I don't care. Only the toughest survive - so try to get as much as possible out of this text if you are really new. |-------------------------- HOW TO START ----------------------------| 1.Get Familiar with it - or - How can you win a rodeo without learning how to handle a horse? 2.Get a unix distribution. Get Linux, FreeBSD, Solaris, Sinix etc. for your personal computer. Linux und FreeBSD are cheap and derived from BSD, whereas Solaris and Sinix are expensive and derived from Sys V. Tip: Get a linux distribution which has got a good handbook. You must learn how to operate your unix. Learn the basics, like changing directories, copy and delete commands and using the editor, first. 3.Motivate yourself to actual USE unix. How to do that - thats up to you. Maybe use a database which is in your unix distribution, program something in C for your school/university, what ever, you must learn to really use unix. 4.Get some books to help you. There are many out there, so just go into a good shop, best near an university, where the guys working there know what the good and the bad books for using unix are. I personally like the O'Reilly Nutshell handbooks much but dislike nearly all the Addison Wesley ones - but thats a personal opinion. 5.Get a real internet account with PPP and/or shell access. NEVER do hack or exchange hacking info not encrypted with PGP with this real account of your own! Try to configure your unix pc to connect to the inet provider. Some rare but good Linux Distribution have got a handbook (yes - something printed!) where they describe how to do that. Once you have followed these 5 steps and know how to operate unix (this should take about 2-8 weeks) then you should move to the next step: |------------------------ LEARN THE BASICS -------------------------| 6.Get some good books about unix and internet security. The best I found is "Practical Unix Security" by Garfinkel and Spafford, 2nd Edition, O'Reilly. Learn what the basic security problems, holes and features are unix have got, and what mistakes people make. 7.Try to get all the information and files you can find in the inet. Examine www and ftp sites and use search engines. Subscribe to important security mailing lists and read the newsgroups which might be important. Ask around on irc for good sites. Here is something to start: http://underground.org ftp://onyx.infonexus.com nntp://comp.security.* And of course the links on the Security & Hackerscene page ;-) bugtraq mailing list -> email : listserv@netspace.org message body : subscribe bugtraq you-real-name 8.Read and Analyze your files and data - and don't just collect them. Once words like "suid", "sniffer", "buffer overflow", "firewall", "rdist", "nis", "nfs" and "satan" aren't secrets for you anymore and you really know what they mean and their consequences for you - move on. |------------------------- BEGIN HACKING ---------------------------| 9.Get an account which isn't yours - try to get it from some hacker you know/met. Remember don't try to hack with your own account! 10.With this account you can try to hack your first system. Try your exploits etc. But remember the articles "How to cover your tracks" so your first illegal account isn't history after the 1st time using it. 11.Use ypx, remote sendmail exploits, insecure NFS exports etc. to get more hosts. You get very successful with this "old" stuff if you use big host lists and write/find scripts which automate the testing for you. But where can you find hostnames to build the host lists? Many possibilities. Try irc, /etc/hosts, www, statistical analysis data of the internet or www access etc. This should give you many hosts with accounts on. 12.Install a sniffer if possible on the system and you hacked root. That will give you many accounts to new hosts 13.try your exploit scripts. Finally some should work. Goto 12. |----------------------- BECOME A HACKER ---------------------------| What - you already hacked some systems root - and you aren't a hacker yet - why that? A Hacker isn't someone who just hacks a site, installs a sniffer and goes on. A real hacker is someone who wants to understand a system, know how it reacts, has got fun seizing control over it and is interested in discovering bugs and inventing new tools. He's so to say the Columbus of Cyberspace. 14.Try to get into touch with other hackers and exchange information, experiences, accounts, exploits and files. 15.Watch the discussions on the newsgroups, mailing lists and irc. Try to read some important RFCs, learn C and begin to program tools of your own. 16.Don't become "31337" - you know that you are cool and you don't need to convince everybody else of that fact. Behave normal and help others who are now asking you "how do I hack unix?" ... ... 17.Don't get tired. Stay in the scene, keep an eye on newgroups mailing lists and friends, don't stop hacking. Goto 17 Yep - thats all from me guys ... that text should gag every newcomer's mouth. It was quick and dirty but it has got all it needs. By unknown @HWA 08.0 DoD Still at Serious Risk ~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Weld Pond A report released by the General Accounting Office last Thursday mentions that information security weaknesses are continuing to place defense operations at risk. GAO Report - PDF http://www.gao.gov/new.items/ai99107.pdf Federal Computer Week http://www.fcw.com/pubs/fcw/1999/0823/web-dod-8-27-99.html AUGUST 27, 1999 . . . 13:48 EDT Extensive security gaps persist in DOD networks BY DANIEL VERTON (dan_verton@fcw.com) Despite countless warnings dating to 1996, the Defense Department's information networks continue to be plagued by serious security flaws and weaknesses that have opened up almost every area of the department to cyberattacks and fraud, according to a new General Accounting Office report. Released today, GAO's report, "DOD Information Security: Serious Weaknesses Continue to Place Defense Operations at Risk," comes just weeks after deputy secretary of Defense John Hamre officiated over the ribbon-cutting ceremony of the Joint Task Force for Computer Network Defense. The JTF-CND, which was formed last December, serves as the focal point for DOD to organize the defense of DOD computer networks and systems. When cyberattacks are detected, the JTF-CND is responsible for directing departmentwide defenses to stop or contain damage and restore DOD network functions operations. The GAO report follows up on more than two dozen reports issued since 1996 that have outlined serious security flaws throughout DOD. "DOD has made limited progress in correcting general control weakness we reported in 1996," GAO concluded. "As a result, these weaknesses persist across every area of general controls." Security gaps identified in the report include weaknesses in access controls, software development and unauthorized roles and responsibilities for users. According to the report, support personnel working with an unidentified DOD system were able to alter system audit logs, which record all system activity and are a critical tool in identifying fraud and unauthorized access. "We found at every location we visited that there was inadequate periodic review of user access privileges to ensure those privileges continued to be appropriate," the report stated. In one case, access authorizations for more than 20,000 users were not documented, according to the report. In addition, GAO found that application programmers, including outside contractors, "had direct access to production resources, increasing the risk that unauthorized changes to production programs and data could be made and not detected." On one system, 74 user accounts had privileges enabling them to change program source code without supervisory oversight, the report stated. Speaking to reporters at the task force ribbon-cutting ceremony, Mike Dorsey, a special agent with the Naval Criminal Investigative Service who is working directly with the JTF-CND to investigate computer crimes against DOD networks, said unauthorized attempts to access DOD systems are on the rise but that DOD does not have the resources to respond to every incident. A spokeswoman for DOD said the department is addressing all the issues contained in the report. "We know the department has its work cut out. But we are aggressively pursuing initiatives through a 'defense in depth' strategy," the DOD spokeswoman said. "These changes won't happen overnight, but we are moving ahead as quickly as our resource processes will allow." @HWA 09.0 Clinton Urged to Reverse Crypto Policy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by blosonne The President's Export Council Subcommittee on Encryption (PECSENC) has issued a recommendation to the President that recommends the administration lift all export controls of encryption products. USA Today http://www.usatoday.com/life/cyber/tech/ctf944.htm Newsbytes http://www.technews.com/pubNews/99/135459.html USA Today; White House panel: Export crypto, not jobs By Will Rodger, USATODAY.com A presidential advisory group is recommending the White House abandon nearly all export controls on hardware and software vital to assuring the privacy of Internet users, group members tell USATODAY.com. The advice from the panel, officially known as the President's Export Council Subcommittee on Encryption, flies in the face of a Clinton Administration policy that has drawn fire from civil libertarians and industry alike. That rancorous debate between the two sides now seems likely to intensify as the White House’s own group of advisers tells it to change course. Administration supporters -- drawn almost exclusively from the foreign intelligence and law-enforcement communities -- warn widespread availability of powerful encryption technologies will frustrate their efforts to wiretap criminals online and gather evidence from their computers offline. Civil libertarians and business lobbyists answer that argument with a simple observation: Foreign companies have already produced more than 800 products that far exceed US export guidelines. As long as encryption remains a rarity, they say, email and networked computers will be fair game for hackers, industrial spies and other hostile parties. "This is the most sweeping liberalization of encryption regulation ever proposed by a government encryption advisory board," said Stewart Baker, committee member and former counsel to the National Security Agency. The committee’s recommendations give the Administration a broad variety of options, says William Crowell, chairman of the encryption subcommittee of the President's Export Council. The council advises the president on issues concerning U.S. exports that could affect national security. Among other things, recommendations would: o Reduce paperwork for encryption exports to financial institutions and healthcare organizations. o Create a "license-free zone" by eliminating export approval requirements to countries that "do not present a significant national security concern." o Give preferential treatment to exports aimed at friendly governments, along with utilities, telecom operators and other segments of critical infrastructure that could fall prey to hacker attacks. o Allow export of a broad range of encryption products to online merchants, who need powerful encryption to do business. Kenneth Bass, an industry attorney who has often found himself on the other side of the table from Baker, said: "These are far-reaching proposed changes with extraordinary implications. Basically the export regime would be over were these changes implemented." Administration officials say they are taking seriously recommendations from the industry-heavy, 30-person subcommittee. William Reinsch, undersecretary for export administration at the Commerce Department, hosts the group at his agency’s headquarters. He hints industry leaders will get at least some of what they want. "The vice president promised to review our policy within the year when he announced (the last export-control changes) Sept. 16," Reinsch said. "My guess, it will be either shortly before or after Labor Day." Bass counters the export council’s recommendation has a "snowball’s chance in hell" of affecting policy. As much as he thinks the council is right, Bass said, years of glacial movement on the issue suggest the White House won't give up so easily. But Crowell said he believes the White House will loosen some restrictions sometime next month. "Several things might contribute to change," the 27-year NSA veteran said. "The most significant one is the way business is being done." In addition, Crowell said, Congress continues to push liberalization forward in the House and Senate, while three separate cases challenging export regulations on First Amendment grounds continue to make their way through the courts. "There’s no one thing that would cause them to move, but I think collectively the time’s right." @HWA 10.0 L0pht Releases Version 1.0 of AntiSniff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Dr. Mudge L0pht Heavy Industries, today announced the release of its ground breaking AntiSniff network security software. AntiSniff can detect attackers surreptitiously monitoring a computer network. They have also released a position paper that explains why this is such an important breakthrough. AntiSniff http://www.antisniff.com/antisniff/ Yahoo News http://biz.yahoo.com/bw/990830/ma_lopht_h_1.html Monday August 30, 6:01 am Eastern Time Company Press Release L0pht Heavy Industries Releases Its Revolutionary New AntiSniff Network Security Software BOSTON--(BUSINESS WIRE)--Aug. 30, 1999--L0pht Heavy Industries, a world renowned computer security think tank, today announced the release of its groundbreaking AntiSniff network security software. AntiSniff can detect attackers surreptitiously monitoring a computer network. ``AntiSniff is a whole new breed of network security tool, designed to detect the attack patterns used in compromising a computer network, instead of merely being reactive to already known vulnerabilities.'', said Dr. Mudge, Chief Scientist at L0pht Heavy Industries. AntiSniff, which operates on both Windows NT and UNIX operating systems, will detect remote computers that are packet sniffing, that is, monitoring all network communications. Network communication can be likened to large group of people standing together in a room and talking. When people talk to each other, others nearby have the ability to listen in. When computers communicate over networks, they normally only listen to communications destined to themselves. However, they also have the ability to enter promiscuous mode, which allows them to listen to communications that are destined to other computers. When an attacker successfully compromises a computer, they install what is known as a packet sniffer, a tool that puts the computer into promiscuous mode. This allows them to monitor and record all network communications. The private information they gather, such as account names, passwords, credit cards, and even e-mail, is then used to compromise other computers. This is how, from one weak computer in a computer network, many computers, and the information they contain can be compromised. Until now, it has been impossible for network administrators to remotely detect if computers were listening in on all network communications. L0pht Heavy Industries' AntiSniff stops all this, by giving network administrators and information security professionals the ability to remotely detect computers that are packet sniffing, regardless of the operating system. Dr. Mudge explains, ``AntiSniff works by running a number of non intrusive tests, in a variety of fashions, which can determine whether or not a remote computer is listening in on all network communications. Now it is impossible for an attacker who is sniffing to hide.'' Mark Loveless, the project manager for Enterprise Security at Burlington Northern Santa Fe Railway had this to say, ``We have been using AntiSniff during the beta period, and have found it to perform perfectly. It found every promiscuous device we had on each network segment we tested it on. We use a number of different devices to monitor our network -- AntiSniff gives us the ability to monitor who is doing the monitoring. When it comes to helping detect malicious behavior on the network, AntiSniff has definitely raised the bar.'' Current network security tools, such as network scanners, work by probing machines for software that contains bugs or software that's misconfigured. Intrusion Detection Systems (IDS), work by finding malicious signatures in network traffic. AntiSniff, on the other hand, is the first of it's kind. It remotely detects the passive act of eavesdropping on network communications. Machines that have been compromised by publically unknown vulnerabilities will be detected. It will even detect packet sniffers installed by a rogue insider who may have legitimate administrative access to a machine, but should not be monitoring all network traffic. AntiSniff is currently available for Windows NT, complete with a fully featured graphical interface, report generating tools, and alarm system. It is designed to quickly scan a network or to scan continuously, triggering alarms when a ``packet sniffing'' machine is detected. The product is priced at $350 per licensed machine. Site licenses and maintenance support are available. To further the research of the security community as a whole, as they have in previous products, L0pht will be releasing AntiSniff as a UNIX command line tool, complete with full source code. The UNIX version will be free for non-commercial use. For more information please contact AntiSniff@l0pht.com. A 14 day fully functional trial version and full documentation are available for download at http://www.l0pht.com/antisniff/. About L0pht Heavy Industries L0pht Heavy Industries is a world renowned computer security think tank. Founded in 1992 as a computer research facility, the L0pht has grown into a leader in the field of computer security software. The L0pht's products include L0phtCrack, the industry standard NT password strength auditing tool. As a result of their innovative security research, the L0pht has released dozens of computer security advisories to the Internet community, warning of dangerous vulnerabilities in today's most widely used software. Many at the L0pht are considered top experts in the computer security field and have appeared on numerous network news programs and documentaries, as well as having testified about government computer security for the U.S. Senate. Visit the L0pht's web site at http://www.l0pht.com. All trademarks and registered trademarks are the property of their respective holders. Contact: L0pht Heavy Industries Sandy Halfinger, 617/926-4889 @HWA 11.0 HOPE 2000 Date Announced ~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by Macki The official Date and location of HOPE 2000 has been announced as July 14 - 16, 2000. This years HOPE will be held at the same location as the HOPE conference back in 1994. The HOtel PEnnsylvania. HOPE 2000 http://www.h2k.net HNN Cons Page http://www.hackernews.com/cons/cons.html @HWA 12.0 IBM and MS Receive Bomb Threats via Email ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by Netmask Jahair Joel Navarro, a resident alien from Panama living in Brooklyn, was arrested by the FBI on Thursday and accused of threatening to use a weapon of mass destruction. This after he emailed IBM and Microsoft and threatened to blow them up unless he received a large sum of money. USA Today http://www.usatoday.com/life/cyber/tech/ctf973.htm IBM, Microsoft e-mailed bomb threats NEW YORK (AP) - An 18-year-old Panamanian youth has been accused of sending e-mail bomb threats to IBM, threatening to demolish the company headquarters unless he was paid $5 million. Prosecutors said Friday that Jahair Joel Navarro was arrested by the FBI on Thursday and accused of threatening to use a weapon of mass destruction. The charge falls under federal anti-terrorism statutes and carries a maximum sentence of life in prison without parole. Navarro, a permanent resident alien, was ordered held without bail after prosecutors told a judge that Microsoft Corp. in Redmond, Wash. had received a similar bomb threat from him. A search of the youth's Brooklyn apartment turned up bomb-making and explosives recipes along with documents relating to various terrorist techniques, authorities said. Navarro allegedly identified himself as ''Shadowmega'' when he sent an e-mail on Tuesday addressed to IBM chief executive officer Lou Gerstner. He threatened in the e-mail to detonate five bombs if the Armonk, N.Y.-based company did not pay him $5 million by Friday, according to a release from U.S. Attorney Mary Jo White. Prosecutors said Navarro claimed the bombs were strategically placed to destroy the entire IBM building, and he threatened to detonate them if Gerstner contacted the police. Navarro wrote that he had access to hidden cameras and other monitoring capabilities at IBM's offices so he would know if Gerstner reported the threat, prosecutors said. Navarro allegedly instructed Gerstner to respond by e-mail. Ian Colley, an IBM spokesman said, ''We really don't have any comment beyond to say we're cooperating fully with law enforcement agencies.'' The FBI and police traced the e-mail message to a man identified as Barrington Pryce, Navarro's stepfather. They then went to his apartment and found the bomb-making and explosives literature, which appeared to have been downloaded from the Internet, according to the release. Navarro was inside the apartment during the search and was arrested. On Friday, U.S. Magistrate Judge George A. Yanthis ordered him held without bail. Joseph Valiquette, an FBI spokesman, said no bombs were ever found. @HWA 13.0 BackDoor-G Hits Web Hosting Company ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by Weld Pond The U.K. based company Fortune Cookie Digital Media recently had approximately 10 percent of the sites they hosted infected by a trojan/virus. Backdoor-G was used by the attacker to provided access to password files and upload virii to infected default documents like index.html. Fortune Cookie has started an investigation and has notified the local authorities. CNN http://cnn.com/TECH/computing/9908/27/fortune.cookie.idg/index.html Fortune Cookie hit by virus August 27, 1999 Web posted at: 2:12 p.m. EDT (1812 GMT) by Douglas F. Gray and Jack McCarthy From... (IDG) -- U.K.-based Web hosting and development company Fortune Cookie Digital Media was subject to an attack by a "Trojan horse" virus Wednesday, which affected a number of Web sites hosted by the company. Approximately 10 percent of the sites hosted by the company were infected with the virus, according to Justin Cooke, founder and managing director of Fortune Cookie. Earlier media reports quoted Cooke as stating the number as 30 percent, a figure which he states was "probably an overestimation because [the situation] was still going on." The Trojan horse virus, called BackDoor-G, provided access to passwords that uploaded a second virus to the Web server, which then infected certain default documents, including default.htm and index.html, according to a statement issued by the U.K. company. Cooke admitted that some of the Web sites affected by the virus belonged to small to medium-sized companies. Promotional Campaigns Group, a marketing firm, suffered from the virus, he said. The company could not be reached for comment today. All affected Web sites were returned to normal operation within 20 minutes, Cooke said. Fortune Cookie reported the incident to police authorities and is conducting its own investigation. "I don't understand why people would do such a thing," Cooke said. Viruses involving Internet sites are happening with increasing frequency, one expert said. "Web sites are popping up all over the place and a whole new generation of hackers have grown up with the Internet," said Darren Kessner, a senior virus researcher at Symantec's antivirus research center in Santa Monica, Calif. "Before, hackers would target people's home computers," Kessner said. "Now, as information spreads over the Internet through documents and e-mail, viruses can proliferate." Douglas F. Gray writes for the IDG News Service in London. Jack McCarthy is a correspondent for the IDG News Service in San Francisco. @HWA 14.0 HNN Adds New Search Engine ~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by Erik Now along with HNN, SecureRoot, Astalavista, and Secure Search, HNN now includes the Mindsec.com search engine on the HNN Search Page. The MindSec search engine is also capable of searching files on the attrition.org web site. HNN Search http://www.hackernews.com/search.html 15.0 40 Million Hotmail Accounts Vulnerable ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by Mikko A simple cgi script made its way around the internet last weekend that gave anyone with a web browser complete access to any hotmail account. Just enter the user name and you had complete access to read, delete and send email from someone else's account without knowing the password. The script was posted to several web sites before it stopped working. A MSN spokesperson claimed that the hole was fixed as soon as they were notified. The European newspaper who first broke the story and contacted MS said it took MS over ten hours to correct the issue. CNN http://www.cnn.com/TECH/computing/9908/30/hotmail.hack.01/ Nando Times http://www.nandotimes.com/technology/story/0,1643,87688-138539-964536-0,00.html Wired http://www.wired.com/news/news/business/story/21490.html ZD Net http://www.zdnet.com/zdnn/stories/news/1,4586,2324361,00.html Microsoft Spin - For a laugh read the news reports first then read this. http://lc3.law5.hotmail.passport.com/cgi-bin/dasp/content_secureres.asp?_lang= The stories, and Microsoft's response are below; CNN; ~~~~ Web site provided access to millions of Hotmail messages August 30, 1999 Web posted at: 11:12 a.m. EDT (1512 GMT) (CNN) -- Millions of free Internet e-mail accounts provided by Microsoft's Hotmail service were susceptible to a major security breach that allowed access Monday to users' accounts. The breach worked via a simple Web address which prompted for a Hotmail username. Once the username was entered, the Hotmail account came up and the mailbox was available. The hack opened all accounts tested by CNN Interactive, but e-mail messages couldn't always be opened. There was no immediate information on how long the breach was active. Shortly after CNN Interactive posted the story, the site was changed to a simple message, "Microsoft rules." Shortly after that, the URL redirected the user to a site for a new Web company. The breach allowed users to read and forward a member's old messages, read new messages and send e-mail in some cases under the name of the user -- assuming the member's identity. Hotmail boasts 40 million subscribers. A morning telephone call made to the public relations firm that handles Microsoft's publicity was referred to Microsoft's main number in Redmond, Washington. That call was forwarded by an operator to Microsoft's Corporate Security Desk. "You should send that to abuse@hotmail.com. " said Greg Betcher, at that desk. Erik Barkel, of Stockholm, Sweden, was listed in the domain name directory Internic as the administrator for the Web site's domain, but a call to his number did not go through. -=- Nando Times; ~~~~~~~~~~~~ Hotmail glitch exposes poor Internet security REDMOND, Wash. (September 1, 1999 6:32 a.m. EDT http://www.nandotimes.com) - Microsoft's free Hotmail e-mail system was shut down for about seven hours because of a security flaw that left millions of accounts vulnerable, though it was unclear whether any damage was done. "We haven't heard any reports, any customers calling to say they were affected by this directly," said Deanna Sanford, lead product manager for MSN marketing, Microsoft's Internet division. The system has been back on line and working smoothly ever since," said spokeswoman Kim Bouic a spokeswoman at Waggener Edstrom, a public-relations firm under contract to Microsoft. She added that no reports of problems had been received today. Microsoft shut down its Hotmail e-mail system, which has 40 million accounts, for about seven hours Monday morning after discovering the flaw that made accounts vulnerable to outside access. The company said the trouble was fixed by 10 a.m. PDT. "As soon as we were notified, we got our developers and testers on it, and we were able to determine a fix," Sanford said. The problem was first reported by the Swedish newspaper Expressen, which said several hackers around the world had set up Web sites offering unauthorized access to Hotmail's accounts simply by typing in a user name. Microsoft got word early Monday morning, Bouic said. Via the Web sites, people were able to read and send mail from any account without having the password. The Redmond-based software maker did not know how long the accounts were accessible. Microsoft posted a note to Hotmail users on its Web page Monday, apologizing for the shutdown. "In light of the inconvenience that such an action can cause users, this is not something that we take lightly but felt that, given Microsoft's commitment to protecting people's private data and information, it was the appropriate course of action," the company said. "Security and privacy are obviously key concerns," Microsoft spokesman Dan Leach said Monday night in a telephone interview. "Everything was brought back on line and everything is fine," he said. Leach said he knew of no other Microsoft products or services that might be similarly vulnerable. -=- Hotmail Accounts Exposed to All by Declan McCullagh and by James Glave 8:05 a.m. 30.Aug.99.PDT No sooner was one catastrophic security flaw closed Monday -- one that exposed millions of Hotmail accounts to prying eyes -- when another one appeared. The net result: Hotmail account holders were in danger of having their email messages read -- as well as being impersonated in email -- until midday Monday. The first breach was closed Monday at around 9 a.m. PDT, when Hotmail restored access to legitimate subscribers. The second breach -- a variation of the first -- may have been the result of one Hotmail machine that evidently was not fixed when the others were. The significance of these security holes is that private Hotmail accounts became available to anyone with a Web browser. Most security vulnerabilities on the Internet require in-depth knowledge of Unix or Windows NT language, technical knowledge that the average Web user does not possess. The bug appears to have affected every customer of what Microsoft says is "the world's largest provider of free Web-based email." Between 8:30 and 9 a.m. PDT, Microsoft pulled the plug on large portions of the entire Hotmail site, rendering it unreachable for millions of subscribers. During that period, the only access to Hotmail accounts could be made through illicit means -- by those who had access to a simple code that was spread wildly on the Net over the weekend. That was about 12 hours after the company was notified of the security hole. But users already logged in to their accounts -- or someone else's -- could continue to send, receive, and delete email. Around 9:30, sections of Hotmail began to slowly come back online. By that time, people without Hotmail accounts could connect to the site's homepage. Users with accounts configured to remember their password, however, received this unhelpful message: "ERROR: Cannot open UserData file." As of 10:15 a.m., Microsoft engineers, led by Mike Nichols in Redmond, Washington, had managed to fix that problem, too, and users could log in normally again. Yet there still was no reference to the problem anywhere on either the Hotmail or MSN sites. A unnamed Microsoft spokeswoman could not offer any explanation for the problem. She said that the company took down the Hotmail servers as soon as the company was notified of the problem by the European press Monday morning. She said Monday morning that the company had resolved the issue so that future attacks of this type would not be possible. That has not proven to be the case. The exploit worked this way: Any Web page that contained a short, simple code -- visible on most browsers as a type-in form -- was able connect to a Hotmail server simply by typing in a user name without requiring a password. By early Monday, copies of that HTML code were posted on hacking-related Web sites. The Hotmail exploit apparently took advantage of a bug in the start script that processed a login session between a Web browser and a server. One site where the problem surfaced was at 2038.com, which Network Solutions shows registered to Moving Pictures, a group based in Sweden. Erik Barkel, the contact associated with that domain, could not be reached for comment. As of about 8:30 a.m. that site redirected to a Web page promoting a marketing company. The managers of that company said they had nothing to do with the redirect. "It's just a point[er] put there by a person who's trying make a joke," said Anders Herlin, business development manager at Abel and Baker. "We haven't had the slightest idea why." "All I know is we do not want to be associated with it," said Herlin. "We are a fairly new company. Maybe someone wanted to cause us harm." But the code quickly spread to dozens, if not hundreds of sites. A Swedish newspaper, Expressen , reported the bug in its Monday editions. The bug let anyone log into a Hotmail account without typing a password. "We know nothing about [the individual who tipped us]. It was anonymous," said Christian Carrwik, one of two Expressen reporters who broke the news. "It has been circulating for a couple of days." Expressen said Microsoft was alerted very early Sunday morning. This is only the most recent Microsoft security gaffe. Redmond admitted earlier this month that its MSN Messenger instant messaging client can accidentally disclose Hotmail account passwords. Even if the password is supposedly deleted from a computer, someone else could still view it if they knew the proper keystrokes. Last week, Wired News reported a bug in tens of millions of Microsoft Windows computers that lets an attacker take control of a PC by sending an email message. Lindsey Arent contributed to this report. -=- ZDNet; ~~~~~~ -------------------------------------------------------------- This story was printed from ZDNN, located at http://www.zdnet.com/zdnn. -------------------------------------------------------------- Hotmail glitch: Wake-up call! By Lisa Bowman, ZDNN August 30, 1999 2:54 PM PT URL: Microsoft says it has fixed a security hole that left millions of Hotmail users exposed on the Internet –- but it may not be able to repair the public relations damage sure to follow. The private accounts of millions of Hotmail users were left exposed for hours, after several Web sites exploited a security hole in Microsoft software. The Web sites let anyone read, send or delete mail from an account simply by typing in a user name. No password was required. Microsoft (Nasdaq:MSFT) took its Hotmail servers down Monday morning after learning of the problem from the European press (several of the sites originated in Europe). By late morning, Microsoft said it had plugged the hole and promised that future attacks would be prevented. Fix underway Some readers sent messages to ZDNet Monday afternoon saying they could still raid people's accounts, but security experts said that's because Microsoft is going from server to server, fixing the problem. With 40 to 50 million users, Hotmail is the largest e-mail service. The hack apparently exploited a glitch that let Hotmail accept users as valid without cross-checking the URL that referred them to the site. A Microsoft spokeswoman said she didn't think people really cared how the security hole was exploited, only that the hole had been fixed to prevent future breaches. She said the hack required a "very advanced knowledge of Web development language." However, several computer experts said the code that took advantage of the Hotmail hole -- code that's been posted on hacker sites -- was actually quite simple. Coding is ‘trivial’ "It's trivial. It's just some HTML code," said Richard Smith, security expert and president of Phar Lap software, who was instrumental in catching the creator of the Melissa virus. Jay Dyson, a computer systems specialist in Pasadena, called the code "pathetically easy" to write. What's more, exploiting the hack to view someone's account doesn't require any computer proficiency -- only a browser and the ability to type in a user name. "The script is so trivial, I would be inclined to believe that this has been in the wild for a long time," Dyson said. Code is considered "in the wild" when it's passed among hackers without actually being exploited by users. But apparently some found this code too compelling to resist, so they posted sites that let users spy on other people's accounts. One of the earliest sites to exploit the bug was registered to Stockholm, Sweden-based Moving Pictures. In an e-mail exchange with ZDNet News, Erik Barkel, the person listed on Network Solutions Inc. as the administrator said: "I got credit for something I didn't do. I didn't code. I did put up a mirror." After the Hotmail hack site was taken down, the URL registered to Moving Pictures was directing people to a variety of sites, including Microsoft's own security page and a rant about Internet standards and date-related software problems. Microsoft said it had no immediate plans to notify users that their Hotmail accounts may have been read. Callers to Hotmail's technical support line were greeted with waits as long as 20 minutes. Technical support people were telling users that discarded Hotmail messages would still be in the trash, and documents that had been read would be marked as such. Wake-up call? Computer consultants and security experts hoped the move would be a wake-up call for consumers to demand more secure software. "Basically